Re: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Colin Johnston
you would think a researcher would stop once he realised effect being caused ? Colin On 9 Jul 2015, at 14:08, Jared Mauch ja...@puck.nether.net wrote: My guess is a researcher. We saw the same issue in the past with a Cisco microcode bug and people doing ping record route. When it went

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Marco Teixeira
Probably because he got good advise from his father :) On Thu, Jul 9, 2015 at 3:46 PM, Harald Koch c...@pobox.com wrote: On 9 July 2015 at 09:11, Mike Hammett na...@ics-il.net wrote: I think you're confusing very common for a tech guy and very common for the common man. I have a dozen or

Re: Hotels/Airports with IPv6

2015-07-09 Thread Oliver O'Boyle
We manage 65+ hotels in Canada and the topic of IPv6 for guest internet connectivity has never been brought up, except by me. It's not a discussion our vendors or the hotel brands have opened either. On Thu, Jul 9, 2015 at 11:04 AM, Mel Beckman m...@beckman.org wrote: I working on a large

Re: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Jared Mauch
I’m sure they did. It could also have been any number of other things. I’m just guessing. It could have been someone trying to scan their enterprise too and went a bit rogue. Not everyone reads NANOG believe it or not :) Either way, if you haven’t upgraded for a 9 month old security

Re: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Christopher Morrow
On Thu, Jul 9, 2015 at 10:09 AM, Colin Johnston col...@gt86car.org.uk wrote: you would think a researcher would stop once he realised effect being caused ? how would he/she know?

Re: Hotels/Airports with IPv6

2015-07-09 Thread Bruce Curtis
On Jul 9, 2015, at 9:53 AM, Jared Mauch ja...@puck.nether.net wrote: It’s my understanding that many captive portals have trouble with IPv6 traffic and this is a blocker for places. I’m wondering what people who deploy captive portals are doing with these things?

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Harald Koch
On 9 July 2015 at 09:11, Mike Hammett na...@ics-il.net wrote: I think you're confusing very common for a tech guy and very common for the common man. I have a dozen or two v4 subnets in my house. Then again, I also run my ISP out of my house, so I have a ton of stuff going on. I can't even

RE: Hotels/Airports with IPv6

2015-07-09 Thread Dennis Burgess
Most hotels etc, are perfectly happy doing NAT. Dennis Burgess, CTO, Link Technologies, Inc. den...@linktechs.net – 314-735-0270 – www.linktechs.net -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Oliver O'Boyle Sent: Thursday, July 09, 2015 10:20 AM To:

Re: Hotels/Airports with IPv6

2015-07-09 Thread Mel Beckman
I working on a large airport WiFi deployment right now. IPv6 is allowed for in the future but not configured in the short term. With less than 10,000 ephemeral users, we don't expect users to demand IPv6 until most mobile devices and apps come ready to use IPv6 by default. -mel beckman On

Re: Hotels/Airports with IPv6

2015-07-09 Thread Ca By
On Thursday, July 9, 2015, Mel Beckman m...@beckman.org wrote: I working on a large airport WiFi deployment right now. IPv6 is allowed for in the future but not configured in the short term. With less than 10,000 ephemeral users, we don't expect users to demand IPv6 until most mobile devices

Re: Hotels/Airports with IPv6

2015-07-09 Thread Oliver O'Boyle
Yep, because most don't even know what NAT is! On Thu, Jul 9, 2015 at 11:33 AM, Dennis Burgess dmburg...@linktechs.net wrote: Most hotels etc, are perfectly happy doing NAT. Dennis Burgess, CTO, Link Technologies, Inc. den...@linktechs.net – 314-735-0270 – www.linktechs.net -Original

Hotels/Airports with IPv6

2015-07-09 Thread Jared Mauch
It’s my understanding that many captive portals have trouble with IPv6 traffic and this is a blocker for places. I’m wondering what people who deploy captive portals are doing with these things? https://tools.ietf.org/html/draft-wkumari-dhc-capport seems to be trying to document the method to

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
On Jul 9, 2015, at 08:42 , Matthew Huff mh...@ox.com wrote: What am I missing? Is it just the splitting on the sextet boundary that is an issue, or do people think people really need 64k subnets per household? It’s the need for a large enough bitfield to do more flexible things with

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Matthew Huff
What am I missing? Is it just the splitting on the sextet boundary that is an issue, or do people think people really need 64k subnets per household? With /56 you are giving each residential customer: 256 subnets x 18,446,744,073,709,551,616 hosts per subnet. I would expect at least 95.0% of

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Harald Koch
On 9 July 2015 at 11:42, Matthew Huff mh...@ox.com wrote: What am I missing? Is it just the splitting on the sextet boundary that is an issue, or do people think people really need 64k subnets per household? One thing you're missing is that some of these new-fangled uses for IP networking

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Matthew Huff
When I see a car that needs a /56 subnet then I’ll take your use case seriously. Otherwise, it’s just plain laughable. Yes, I could theorize a use case for this, but then I could theorize that someday everyone will get to work using jetpacks. We have prefix delegation already via DHCP-PD, but

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Naslund, Steve
It seems like there might be several incorrect assumptions here leading to over thinking the issue. 1. Over a long period of time, will the size or number of subnets be significantly different than today. Even today a bunch of our assumptions on why subnets are created the way they

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Dave Taht
On Thu, Jul 9, 2015 at 9:01 AM, Harald Koch c...@pobox.com wrote: On 9 July 2015 at 11:42, Matthew Huff mh...@ox.com wrote: What am I missing? Is it just the splitting on the sextet boundary that is an issue, or do people think people really need 64k subnets per household? It is wasting that

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
On Jul 9, 2015, at 09:16 , Matthew Huff mh...@ox.com wrote: When I see a car that needs a /56 subnet then I’ll take your use case seriously. Otherwise, it’s just plain laughable. Yes, I could theorize a use case for this, but then I could theorize that someday everyone will get to work

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Baldur Norddahl
Den 09/07/2015 18.08 skrev Owen DeLong o...@delong.com: That will never happen. If you offer me $1000 per IPv4, then I will happily terminate some user contracts and sell their IP space to you… Eventually, you run out of user contracts to terminate. At $1000 per contract I do not care. I

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
My parents are non-technical. Other than a little help connecting her airport to the cable modem, I had nothing to do with the design and implementation of their networks. They have at least 7 distinct subnets in their house that I know of. Some of them are routed together. Some of them are

Re: Hotels/Airports with IPv6

2015-07-09 Thread Oliver O'Boyle
Absolutely agree. It's not their job to even know to ask for a specific protocol version in the first place. Their experience should be as seamless and consistent as possible at all times. What we should be be concerned about is that the hospitality industry is so far behind the game on

RE: Hotels/Airports with IPv6

2015-07-09 Thread Jacques Latour
Just turn IPv6 on when you can. We manage 65+ hotels in Canada and the topic of IPv6 for guest internet connectivity has never been brought up, except by me. It's not a discussion our vendors or the hotel brands have opened either. I would argue customers never asked an IPv4 connection

Re: Hotels/Airports with IPv6

2015-07-09 Thread Marcin Cieslak
On Thu, 9 Jul 2015, Ca By wrote: On Thursday, July 9, 2015, Mel Beckman m...@beckman.org wrote: I working on a large airport WiFi deployment right now. IPv6 is allowed for in the future but not configured in the short term. With less than 10,000 ephemeral users, we don't expect users to

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Matthew Kaufman
On Jul 9, 2015, at 4:07 PM, Owen DeLong o...@delong.com wrote: On Jul 9, 2015, at 15:45 , Ricky Beam jfb...@gmail.com wrote: On Thu, 09 Jul 2015 18:05:00 -0400, Owen DeLong o...@delong.com wrote: Look again… IPv6 is already more than 20% of Google traffic in the US. 20% of *1*

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Karl Auer
On Thu, 2015-07-09 at 19:06 -0500, Mike Hammett wrote: Solutions looking for problems. I get a few subnets (though don't foresee it being likely). Someone here was mentioning dozens or hundreds of subnets for a residential customer. Um, no. Actually I was mentioning thousands. What you

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread John Curran
On Jul 9, 2015, at 9:02 PM, Matthew Kaufman matt...@matthew.atmailto:matt...@matthew.at wrote: On Jul 9, 2015, at 4:07 PM, Owen DeLong o...@delong.commailto:o...@delong.com wrote: ... You are correct… In order for 20% of Google’s traffic to come from IPv6 connected devices, there would

Re: Also Facebook (was: Re: Dual stack IPv6 for IPv4 depletion)

2015-07-09 Thread Ricky Beam
On Thu, 09 Jul 2015 21:48:06 -0400, John Curran jcur...@arin.net wrote: Both techniques indicate more than 20% of the US Internet users are connecting via IPv6. Interesting method that's full of holes (and they know it), but it's data nonetheless. Globally, it's still ~4.5%. Within my own

RE: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Chuck Church
-Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jared Mauch Sent: Thursday, July 09, 2015 9:08 AM To: Colin Johnston Cc: nanog@nanog.org Subject: Re: Possible Sudden Uptick in ASA DOS? My guess is a researcher. I wouldn't classify someone sending known

Also Facebook (was: Re: Dual stack IPv6 for IPv4 depletion)

2015-07-09 Thread John Curran
On Jul 9, 2015, at 9:31 PM, John Curran jcur...@arin.netmailto:jcur...@arin.net wrote: ... Both techniques indicate more than 20% of the US Internet users are connecting via IPv6. You might also want to review Paul Saab’s presentation regarding what Facebook actually sees for IPv6 traffic and

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
On Jul 9, 2015, at 16:28 , Ricky Beam jfb...@gmail.com wrote: On Thu, 09 Jul 2015 19:08:56 -0400, Owen DeLong o...@delong.com wrote: the reality I’m trying to point out is that application developers make assumptions based on the commonly deployed environment that they expect in the

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Mark Andrews
In message d51a9dbc-03a7-4ce9-88ec-17d7d7570...@matthew.at, Matthew Kaufman w rites: On Jul 9, 2015, at 4:07 PM, Owen DeLong o...@delong.com wrote: On Jul 9, 2015, at 15:45 , Ricky Beam jfb...@gmail.com wrote: On Thu, 09 Jul 2015 18:05:00 -0400, Owen DeLong o...@delong.com wrote:

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Laszlo Hanyecz
On Jul 9, 2015, at 11:08 PM, Owen DeLong o...@delong.com wrote: On Jul 9, 2015, at 15:55 , Ricky Beam jfb...@gmail.com wrote: On Thu, 09 Jul 2015 18:23:29 -0400, Naslund, Steve snasl...@medline.com wrote: That would be Tivo's fault wouldn't it. Partially, even mostly... it's based on

Re: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Jared Mauch
On Jul 9, 2015, at 9:43 PM, Chuck Church chuckchu...@gmail.com wrote: -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jared Mauch Sent: Thursday, July 09, 2015 9:08 AM To: Colin Johnston Cc: nanog@nanog.org Subject: Re: Possible Sudden Uptick in ASA

Re: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Mark Andrews
In message 011d01d0bab1$e7890a00$b69b1e00$@gmail.com, Chuck Church writes: -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jared Mauch Sent: Thursday, July 09, 2015 9:08 AM To: Colin Johnston Cc: nanog@nanog.org Subject: Re: Possible Sudden Uptick in ASA

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
On Jul 9, 2015, at 18:19 , Laszlo Hanyecz las...@heliacal.net wrote: On Jul 9, 2015, at 11:08 PM, Owen DeLong o...@delong.com wrote: On Jul 9, 2015, at 15:55 , Ricky Beam jfb...@gmail.com wrote: On Thu, 09 Jul 2015 18:23:29 -0400, Naslund, Steve snasl...@medline.com wrote: That

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread manning
hum.. let me postulate. my lan, my kids, my guests, the drive-bys, … the LG stuff, the Apple stuff, the whitebox stuff, appliances … smart meters, switches, thermostats, toilets, water flow controls, … Microsoft can talk to the x-box, but i have no desire for them t see/know anything else

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
On Jul 8, 2015, at 19:22 , Israel G. Lugo israel.l...@lugosys.com wrote: On 07/09/2015 02:31 AM, Owen DeLong wrote: Here’s the problem… You started at the wrong end and worked in the wrong direction in your planning. [...get larger allocation...] We are now left with only

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Tony Finch
Ricky Beam jfb...@gmail.com wrote: Talking about IPv6, we aren't carving a limit in granite. 99.9% of home networks currently have no need for multiple networks, and thus, don't ask for anything more; they get a single /64 prefix. Personal-area networks already exist. Phone/watch/laptop

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Mark Tinka
On 8/Jul/15 21:32, Owen DeLong wrote: I think the “THING” that people are starting to worry about is how to deploy a network when you can’t get IPv4 space for it at a reasonable price. I suppose the issue will become more real when you can't get any IPv4 space period. Mark.

Re: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Jared Mauch
Really just people not patching their software after warnings more than six months ago: July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers with Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial of Service Vulnerability that was disclosed in this

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Baldur Norddahl
Hi, With RIPE you can get a /29 with no justification, so if you have any less it is because you did not bother logging in to ripe.net and hit the get more button. ARIN gives you the option to make a network scheme based on nibbles but RIPE does not, so do not go there. Why try to allocate by

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Seth Mos
Residential users just buy another router for wifi coverage at the local wall mart. They have no clue about anything internet. That is why isp CPE devices should always perform dhcp-pd on their own to provide a prefix to the downstream devices so those have globally routed ipv6 too. For that

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
On Jul 8, 2015, at 21:55 , Ricky Beam jfb...@gmail.com wrote: On Wed, 08 Jul 2015 22:49:17 -0400, Karl Auer ka...@biplane.com.au wrote: You, we, all of us have to stop using the present to limit the future. What IS should not be used to define what SHOULD BE. What people NOW HAVE in

Re: How to build an IPv6-only internal network?

2015-07-09 Thread Mark Tinka
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 8/Jul/15 22:23, Fred Baker (fred) wrote: (2) they use NAT64 (RFC 6146/6147) translation The only issue with NAT64 is that you still need some IPv4 space. If you can't get any anymore, despite all the millions of $$ in your bank, then we'll

Re: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Colin Johnston
Hi Jared, thanks for update do you know provider/source ip of the source of the attack ? Colin On 9 Jul 2015, at 12:27, Jared Mauch ja...@puck.nether.net wrote: Really just people not patching their software after warnings more than six months ago: July-08 UPDATE: Cisco PSIRT is aware

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Mel Beckman
Using one-byte buffers, one hopes. :) -mel via cell On Jul 8, 2015, at 8:49 PM, Dave Taht dave.t...@gmail.com wrote: On Wed, Jul 8, 2015 at 7:49 PM, Karl Auer ka...@biplane.com.au wrote: On Wed, 2015-07-08 at 21:03 -0500, Mike Hammett wrote: I wasn't aware that residential users had

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Baldur Norddahl
On 9 July 2015 at 13:25, Mark Tinka mark.ti...@seacom.mu wrote: I suppose the issue will become more real when you can't get any IPv4 space period. Mark. That will never happen. If you offer me $1000 per IPv4, then I will happily terminate some user contracts and sell their IP space to

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Mark Tinka
On 9/Jul/15 14:53, Baldur Norddahl wrote: That will never happen. If you offer me $1000 per IPv4, then I will happily terminate some user contracts and sell their IP space to you... In fact it will never become even that expensive. With a marked price of $10 I am buying IP space for

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Mike Hammett
I think you're confusing very common for a tech guy and very common for the common man. I have a dozen or two v4 subnets in my house. Then again, I also run my ISP out of my house, so I have a ton of stuff going on. I can't even think of a handful of other people that would have more than one.

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Mike Hammett
Sounds like someone's getting caught up in the hype of a few buzzwords. I can't imagine where more than a couple bits of separately isolated networks in a home would be required. Most of those things you mentioned have no need to be isolated and are just being used to support a decision that

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Mike Hammett
Don't confuse someone's poor design with design goals. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com - Original Message - From: Dave Taht dave.t...@gmail.com To: Karl Auer ka...@biplane.com.au

Telia Globalcrossing ASH peering issue

2015-07-09 Thread Frederik Kriewitz
Hello, is someone from GBLX/Level 3/Telia around? It looks like there's a problem with one of your peerings/LAGs. The problem exists since 00:36 UTC working path: traceroute from 71.80.34.222 to 151.248.24.61 (151.248.24.61), 30 hops max, 40 byte packets 1 192.168.30.1 (192.168.30.1) 0.416 ms

Re: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Jared Mauch
My guess is a researcher. We saw the same issue in the past with a Cisco microcode bug and people doing ping record route. When it went across a LC with a very specific set of software it would crash. If you crashed just upgrade your code, don't hide behind blocking an IP as people now know

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Matthew Huff
I've seen VLAN/subnet security used frequently in the financial world, even to the point of having full firewalls between vlans/subnets. Mostly for regulator purposes (Chinese firewall and all that). It's also common to allow outbound requests or redirect to different proxies based on source

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
And I’m saying you’re ignoring an important part of reality. Whatever ISPs default to deploying now will become the standard to which application developers develop. Changing the ISP later is easy. Changing the applications is hard. Let’s not bake unnecessary limitations into applications by

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread manning
one word.RFC 1918. Here is an perpetual well of IPv4, packed down, overflowing. manning bmann...@karoshi.com PO Box 12317 Marina del Rey, CA 90295 310.322.8102 On 9July2015Thursday, at 6:02, Mark Tinka mark.ti...@seacom.mu wrote: On 9/Jul/15 14:53, Baldur Norddahl wrote: That

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Naslund, Steve
Huh, since when does ANY application care about what size address allocation you have? A V6 address is a 128 bit address period. Any IPv6 aware application will handle addresses as a 128 bit variable. Does any application running on IPv4 care if you have a /28 or a /29? In fact the

Re: Hotels/Airports with IPv6

2015-07-09 Thread Carsten Bormann
Oliver O'Boyle wrote: It's not their job to even know to ask for a specific protocol version in the first place No. They should just ask, with the best geek intonation, whether this place still is stuck with 32-bit Internet. Grüße, Carsten

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Randy Carpenter
- On Jul 9, 2015, at 4:56 PM, Naslund, Steve snasl...@medline.com wrote: Huh, since when does ANY application care about what size address allocation you have? A V6 address is a 128 bit address period. Any IPv6 aware application will handle addresses as a 128 bit variable. The

Re: Hotels/Airports with IPv6

2015-07-09 Thread Oliver O'Boyle
Unfortunately, the hotel staff wouldn't be able to answer that question. But they might give them free internet in exchange and hope the guest doesn't ask any more questions! On Thu, Jul 9, 2015 at 5:01 PM, Carsten Bormann c...@tzi.org wrote: Oliver O'Boyle wrote: It's not their job to even

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
Sigh… Home gateways are an application in this context. How the firmware gets written in those things will be affected. Further, applications do care about things like “Can I assume that every home is reachable in its entirety via a packet to ff02::group?” which is, for example, already baked

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Jared Mauch
On Jul 9, 2015, at 3:38 PM, Tyler Applebaum appleba...@ochin.org wrote: Do people actually use VLANs for security? It's nice to implement them for organizational purposes and to prevent broadcast propagation. I would generally say yes. For example, if you are a wireless access point you

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Jared Mauch
On Thu, Jul 09, 2015 at 08:02:40AM -0500, Mike Hammett wrote: Sounds like someone's getting caught up in the hype of a few buzzwords. I can't imagine where more than a couple bits of separately isolated networks in a home would be required. Most of those things you mentioned have no need to

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Naslund, Steve
I don't have a problem with that use case IF there is a real firewall between VLANs. I was mostly referring to residential networks however. As far as guest access, a lot of today's CPE does that with its internal firewall creating an ACL for anyone on the guest network. The VLAN barrier is

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Naslund, Steve
In short, I'm saying that you should set your default so it is easily changed on the fly and then it won't matter if you are wrong. Steven Naslund Chicago IL In short, much of what you say below has been discussed before and with the general conclusion “geography != topology and no,

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Naslund, Steve
You quickly run into religion here. I run my home as a big broadcast domain, but there's no reason I wouldn't perhaps segment things differently. There are a lot of people who just extend their wifi by plugging in a 2nd router with a long cable and don't realize they now have

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Naslund, Steve
Seems to me that the problem might be thinking that the allocation toward the customer is a static thing. I think it is limiting to think that was going forward. Our industry created DHCP so we didn't have to deal with statically configured users who did not want to deal with IP addressing.

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Tyler Applebaum
Do people actually use VLANs for security? It's nice to implement them for organizational purposes and to prevent broadcast propagation. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Naslund, Steve Sent: Thursday, July 09, 2015 12:24 PM To: nanog@nanog.org

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Naslund, Steve
Yes, and that is a problem. Usually because it is not granular enough and there are a lot of ways to get onto another VLAN (physical access and packet trickery). It is a pretty weak form of security policy. Now, if we assume that VLAN based security is weak and that most homes do not

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
In short, much of what you say below has been discussed before and with the general conclusion “geography != topology and no, geographic allocation would not improve summarization”. I’m not saying that assignments need to be static, but I am saying that we need to put the default size

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Randy Carpenter
- On Jul 9, 2015, at 4:07 PM, Naslund, Steve snasl...@medline.com wrote: In short, I'm saying that you should set your default so it is easily changed on the fly and then it won't matter if you are wrong. Absolutely. Also, since it won't matter if we are wrong, let's use /48 as the

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
On Jul 9, 2015, at 05:53 , Baldur Norddahl baldur.nordd...@gmail.com wrote: On 9 July 2015 at 13:25, Mark Tinka mark.ti...@seacom.mu wrote: I suppose the issue will become more real when you can't get any IPv4 space period. Mark. That will never happen. If you offer me $1000

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Tony Finch
Matthew Huff mh...@ox.com wrote: When I see a car that needs a /56 subnet then I’ll take your use case seriously. Cars need partitions between their automotive network, their entertainment network, and their passenger wifi. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Matthew Huff
Sure, they may be 100,000+ networks like that in non-technical households. Maybe. I doubt it, but still that would be like 0.01%. Many consumer systems have trouble with L3 hops (mDNS/Bonjour, etc...). First thing tech support will suggest it to put them on the same network. People have been

Re: Hotels/Airports with IPv6

2015-07-09 Thread Oliver O'Boyle
Unfortunately, there are still some that would report 2mbit via dsl and think that was ahead of their competition (and it might be in some cases...)... On Jul 9, 2015 5:51 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: No. They should just ask, with the best geek intonation, whether this place

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Ricky Beam
On Thu, 09 Jul 2015 18:05:00 -0400, Owen DeLong o...@delong.com wrote: Look again… IPv6 is already more than 20% of Google traffic in the US. 20% of *1* site's traffic does not equal 20% DEPLOYMENT. (read: 20% of internet DEVICES (CPE) connected by IPv6)

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Ricky Beam
On Thu, 09 Jul 2015 18:23:29 -0400, Naslund, Steve snasl...@medline.com wrote: That would be Tivo's fault wouldn't it. Partially, even mostly... it's based on Bonjour. That's why the shit doesn't work over the internet. (It's just http/https, so it will, in fact, work, but their apps

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
On Jul 9, 2015, at 15:45 , Ricky Beam jfb...@gmail.com wrote: On Thu, 09 Jul 2015 18:05:00 -0400, Owen DeLong o...@delong.com wrote: Look again… IPv6 is already more than 20% of Google traffic in the US. 20% of *1* site's traffic does not equal 20% DEPLOYMENT. (read: 20% of internet

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
On Jul 9, 2015, at 15:55 , Ricky Beam jfb...@gmail.com wrote: On Thu, 09 Jul 2015 18:23:29 -0400, Naslund, Steve snasl...@medline.com wrote: That would be Tivo's fault wouldn't it. Partially, even mostly... it's based on Bonjour. That's why the shit doesn't work over the internet.

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Mark Andrews
In message 9578293ae169674f9a048b2bc9a081b401c7097...@munprdmbxa1.medline.com , Naslund, Steve writes: Subject: Re: Dual stack IPv6 for IPv4 depletion Because vendor pressure depends on a userbase that knows enough to demand fixes. No vendor pressure is dependent on people buying

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Mel Beckman
Yes, the reason is that we'd never had ARIN turn down a request due to space exhaustion before. In 12 months we'll see the prices will go up significantly. Don't underestimate the demand, which is easily measured via ARIN space allocation reports. That demand rate has very little flexibility,

Re: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Ricky Beam
On Thu, 09 Jul 2015 07:27:16 -0400, Jared Mauch ja...@puck.nether.net wrote: Really just people not patching their software after warnings more than six months ago: A lot goes into updates. Not the least of which is *knowing* about the issue. Then getting the patched code, then lab

Re: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Jared Mauch
On Jul 9, 2015, at 5:35 PM, Ricky Beam jfb...@gmail.com wrote: On Thu, 09 Jul 2015 07:27:16 -0400, Jared Mauch ja...@puck.nether.net wrote: Really just people not patching their software after warnings more than six months ago: A lot goes into updates. Not the least of which is

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Ricky Beam
On Thu, 09 Jul 2015 11:08:53 -0400, Marco Teixeira ad...@marcoteixeira.com wrote: On Thu, Jul 9, 2015 at 3:46 PM, Harald Koch c...@pobox.com wrote: The common man is becoming much more sophisticated in their networking requirements, and they need this stuff to just work. Please don't place

Re: Hotels/Airports with IPv6

2015-07-09 Thread Alan Buxey
No. They should just ask, with the best geek intonation, whether this place still is stuck with 32-bit Internet I'm sure they'd gladly report that their Internet is 24 mbit and not just 32 bit ;) alan

Re: Possible Sudden Uptick in ASA DOS?

2015-07-09 Thread Nick Hilliard
On 09/07/2015 22:35, Ricky Beam wrote: Free if you have a support contract. No, free-as-in-beer. You register a guest CCO account, email t...@cisco.com, provide the device serial number (or output of show hardware) and the bugid + Cisco PSIRT URL reference. Cisco TAC will then provide you with

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Naslund, Steve
Huh, since when does ANY application care about what size address allocation you have? A V6 address is a 128 bit address period. Any IPv6 aware application will handle addresses as a 128 bit variable. The DHCPv6-PD server application on your router(s) might care. Do you know of a

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
On Jul 9, 2015, at 14:50 , Ricky Beam jfb...@gmail.com wrote: On Thu, 09 Jul 2015 11:08:53 -0400, Marco Teixeira ad...@marcoteixeira.com wrote: On Thu, Jul 9, 2015 at 3:46 PM, Harald Koch c...@pobox.com wrote: The common man is becoming much more sophisticated in their networking

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Owen DeLong
Because vendor pressure depends on a userbase that knows enough to demand fixes. Simple fact is that if most ISPs deploy degraded services, vendors will code to the lowest common denominator of that degraded service and we’ll all be forced to live within those limitations in the products we

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Naslund, Steve
Subject: Re: Dual stack IPv6 for IPv4 depletion Because vendor pressure depends on a userbase that knows enough to demand fixes. No vendor pressure is dependent on people buying their stuff. Don't send that CPE to your user if it does not meet your standards. If their stuff breaks because

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Naslund, Steve
So, why not demand that firmware accepts ANY mask length just like VLSM v4. I don't see what possible difference it will make if it is a /56 or /48 and I don't think you should make ANY assumption based on either of those being correct for any particular application. An assumption you make

RE: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Naslund, Steve
On Thu, Jul 9, 2015 at 3:46 PM, Harald Koch c...@pobox.com wrote: The common man is becoming much more sophisticated in their networking requirements, and they need this stuff to just work. Please don't place artificially small limits just because you can't see a need. Probably because

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Ricky Beam
On Thu, 09 Jul 2015 16:00:35 -0400, Naslund, Steve snasl...@medline.com wrote: Now, if we assume that VLAN based security is weak and that most homes do not generate enough broadcast traffic to be an issue, what exactly is the reason that a residential customer needs a lot of VLANs? Answer,

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Ricky Beam
On Thu, 09 Jul 2015 19:08:56 -0400, Owen DeLong o...@delong.com wrote: the reality I’m trying to point out is that application developers make assumptions based on the commonly deployed environment that they expect in the world. Partially. It's also a matter of the software guys not having

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Karl Auer
On Thu, 2015-07-09 at 08:02 -0500, Mike Hammett wrote: I can't imagine [...] And that, right there, is the problem. Regards, K. -- ~~~ Karl Auer (ka...@biplane.com.au) http://www.biplane.com.au/kauer

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Mike Hammett
Solutions looking for problems. I get a few subnets (though don't foresee it being likely). Someone here was mentioning dozens or hundreds of subnets for a residential customer. Um, no. If you feel the need to segment private wire and private wireless, okay. Then there's guest... um, and M2M?